IETF Logo Mail Archive

Re: [TLS] Ticket request PR#20

Viktor Dukhovni <ietf-dane@dukhovni.org> Sun, 19 April 2020 23:06 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0167F3A0873 for <tls@ietfa.amsl.com>; Sun, 19 Apr 2020 16:06:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tsr2Q6pCU7_j for <tls@ietfa.amsl.com>; Sun, 19 Apr 2020 16:06:25 -0700 (PDT)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A29F73A0870 for <tls@ietf.org>; Sun, 19 Apr 2020 16:06:25 -0700 (PDT)
Received: by straasha.imrryr.org (Postfix, from userid 1001) id 823D71A93B9; Sun, 19 Apr 2020 19:06:23 -0400 (EDT)
Date: Sun, 19 Apr 2020 19:06:23 -0400
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20200419230623.GZ41308@straasha.imrryr.org>
Reply-To: tls@ietf.org
References: <20200419222318.GY41308@straasha.imrryr.org> <CABcZeBPKiWw3BJtX-sU_E3Zhw3M92PVqsVZkqu1ATkLnJaJrRA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CABcZeBPKiWw3BJtX-sU_E3Zhw3M92PVqsVZkqu1ATkLnJaJrRA@mail.gmail.com>
User-Agent: Mutt/1.12.2 (2019-09-21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/V1avQFfhZ-DPD4Bx-MTZYfMAmdQ>
Subject: Re: [TLS] Ticket request PR#20
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Apr 2020 23:06:27 -0000

On Sun, Apr 19, 2020 at 03:41:49PM -0700, Eric Rescorla wrote:

> I don't think we should make this change. In the context of this draft, if
> the client wants that behavior, it should send {1, 1}.

That precludes clients from soliciting 0 *only* from servers that
support some future specification, and otherwise getting 1 from
servers that support only the current specification.

Such clients are not looking for a static server behaviour, but
rather need only certain servers to return 0, and the rest
to return 1.

In any case, if sending 1 or more unconditionally was fine for RFC8446
(e.g. per the text in C.4) it is hard to imagine why it is suddenly so
important to insist that the server be able to send 0 when receiving
{1, 0} or {0, 1}.

Servers that don't support this new extension at all will send 1 (or
more).  So it is clearly not a big deal also for servers that do
support it to do likewise.

Since there is no specific *use-case* for {1, 0} to mean 0 at present,
that couldn't also be handled by sending {0, 0}, there is no reason
to stand in the way of defining {1, 0} to be a solicitation for at
least 1 ticket regardless of the handshake type.

The only objection that makes sense is a blocking tactic to preclude
potential future refinement of this draft to support reuse, but surely
blocking that evolution can be deferred to the discussion of the
(misguided?) I-D that proposes it.

-- 
    Viktor.

v2.23.0 | Report a Bug | By Email